In today’s digital landscape, HTTPS is not just an optional feature but a critical security standard for all websites. It plays a vital role in protecting user data, fostering trust, and even influencing search engine rankings.
HTTPS ensures that data transmitted between a user and a website is encrypted, safeguarding sensitive information such as passwords, credit card details, and personal data from being intercepted or read by unauthorized parties. This encryption is especially crucial when users are browsing on public or unsecured networks, as it effectively prevents data breaches and upholds user privacy and security.
To make the transition to HTTPS easier, Let’s Encrypt, a trusted Certificate Authority (CA), provides free TLS/SSL certificates. Their service simplifies the process of enabling HTTPS on web servers by offering Certbot, an easy-to-use software client that automates most of the steps required to obtain and install these certificates.
With Let’s Encrypt, website administrators can enhance security, protect their users, and build trust, all without incurring additional costs. Switching to HTTPS has never been easier, making it an essential step for anyone managing a website today.
n this guide, we’ll walk you through using Certbot to obtain a free SSL certificate for your Apache server on Ubuntu 20.04. We’ll also ensure that the certificate is configured to renew automatically, so you don’t have to worry about manual updates.
To keep things organized, this tutorial uses a dedicated virtual host file for setting up your website instead of modifying Apache’s default configuration file. This approach ensures a cleaner and more maintainable server configuration.
To get started, you’ll need two essential packages:
- certbot – The Certbot client that interacts with Let’s Encrypt to obtain the SSL certificate.
- python3-certbot-apache – A plugin that integrates Certbot with Apache, allowing you to automate both the certificate issuance and HTTPS configuration on your web server in just one command.
This streamlined process makes it simple to secure your website with HTTPS quickly and effectively.
Install Certbot Package
Install the certbot package using the apt-get command in ubuntu terminal
sudo apt-get install certbot python3-certbot-apachePress Yes if it asks for confirmation and the terminal will take some time to fetch the certbot package from the repository and install it on your system
Configure Apache Virtual Hosts
Certbot has now been successfully installed on your server. The next step is to verify your Apache configuration to ensure that your virtual host is correctly set up. This is crucial for Certbot to detect your domains and automatically reconfigure your web server to use the newly generated SSL certificate.
To automatically obtain and configure SSL, Certbot relies on the correct virtual host in your Apache configuration. It identifies your domain name(s) from the ServerName and ServerAlias directives within your VirtualHost block. If you’ve already set up a virtual host (In my case it is at /etc/apache2/sites-available/000-default.conf) during the Apache installation, ensure these directives are properly configured for your domain.
sudo nano /etc/apache2/sites-available/000-default.confOpen the file with any editor of your choice and make changes to the following variables.
ServerAdmin [email protected]
ServerName library
ServerAlias www.library
DocumentRoot /var/www/html
Update it accordingly. When you’re done, save the file and quit the editor. and then, run the following command to validate that our variables are correctly set and saved:
sudo apache2ctl configtestIf everything is correct the command should return “Syntax OK” . If there is an error, just check the all the syntext are correct and make the file perfect again.
Then Reload the Apache service
sudo systemctl reload apache2Obtain the SSL with Certbot
Once Certbot is installed, and Virtualhosts are set, use the Apache plugin to obtain an SSL certificate for your domain and configure your server automatically. Run:
sudo certbot --apacheThe script will guide you through a series of prompts to configure your SSL certificate. The first step is to provide a valid email address, which will be used for renewal notifications and important security updates:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): you@your_domain.tld
After entering a valid email address, press ENTER to proceed. Next, you’ll be prompted to agree to Let’s Encrypt’s terms of service.
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
(A)gree/(C)ancel: A
To confirm, press A and then ENTER.
You will then be asked if you’d like to share your email with the Electronic Frontier Foundation to receive updates and information. To decline, type N; to subscribe, type Y. Press ENTER to continue.
In the next step, Certbot will ask which domains you want to enable HTTPS for. These domains are automatically retrieved from your Apache virtual host configuration, so it’s essential to ensure your ServerName and ServerAlias settings are correctly configured.
Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: library.cup.edu.in
2: www.library.cup.edu.in
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
To enable HTTPS for all listed domains (recommended), simply leave the prompt blank and press ENTER. If you prefer to activate HTTPS for specific domains, enter their corresponding numbers (separated by commas or spaces) and then press ENTER to proceed.
You’ll see output like this:
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for library.cup.edu.in
http-01 challenge for library.cup.edu.in
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.confEnabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
Next, you’ll be prompted to select whether or not you want HTTP traffic redirected to HTTPS. In practice, this means that if someone visits your website via the unencrypted HTTP protocol, they will automatically be redirected to the secure HTTPS version of your site.
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Select option 2 to enable this redirection, or choose option 1 if you prefer to keep HTTP and HTTPS as separate ways to access your website.
Once this step is complete, Certbot will finalize the configuration. You’ll then see the final remarks about your new certificate, including details on where to find the generated files. Additionally, you’ll be provided with instructions on how to test your configuration using an external tool to verify the authenticity of your certificate.
Congratulations! You have successfully enabled https://library.cup.edu.in
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=library.cup.edu.in
IMPORTANT NOTES:
If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/library.cup.edu.in/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/library.cup.edu.in/privkey.pem
Your cert will expire on 2025-07-27. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew all of
your certificates, run "certbot renew"
Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
Congratulations!
Your certificate is now successfully installed and integrated into Apache’s configuration. To verify, try reloading your website at your Domain, since I have installed and enabled it on my website it Is perfectly working on https://library.cup.edu.in
Further you can check your browser’s security indicator. It should show that your site is properly secured, usually by displaying a lock icon in the address bar.
In this tutorial, you’ve installed the Let’s Encrypt client Certbot, configured and applied an SSL certificate for your domain, and ensured that Certbot’s automatic renewal service is active via systemctl. If you have any further questions about using Certbot, their official documentation is a great resource to consult.
